ID CVE-2015-3240
Summary The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet.
References
Vulnerable Configurations
  • cpe:2.3:a:libreswan:libreswan:3.14:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-02-2023 - 00:48)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1273719
title libreswan FIPS test mistakenly looks for non-existent file hashes and reports FIPS failure
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • comment libreswan is earlier than 0:3.15-5.el7_1
      oval oval:com.redhat.rhsa:tst:20151979001
    • comment libreswan is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20151154002
rhsa
id RHSA-2015:1979
released 2015-11-04
severity Moderate
title RHSA-2015:1979: libreswan security and enhancement update (Moderate)
rpms
  • libreswan-0:3.15-5.ael7b_1
  • libreswan-0:3.15-5.el7_1
  • libreswan-debuginfo-0:3.15-5.ael7b_1
  • libreswan-debuginfo-0:3.15-5.el7_1
refmap via4
bid 77536
confirm
gentoo GLSA-201603-13
mlist [Openswan Users] 20150827 Openswan 2.6.45 released
sectrack 1033418
Last major update 13-02-2023 - 00:48
Published 09-11-2015 - 16:59
Last modified 13-02-2023 - 00:48